Описание
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | released | 3.0.5-2ubuntu0.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | released | 3.0.5-2ubuntu0.1 |
| trusty/esm | released | 3.0.5-2ubuntu0.1 |
| upstream | released | 4.0.0-1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
Varnish 3.x before 3.0.7, when used in certain stacked installations, ...
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3